research-article

On the Energy Costs of Post-Quantum KEMs in TLS-based Low-Power Secure IoT

Authors:

Maximilian Schöffel,

Frederik Lauer,

Carl C. Rheinländer,

Norbert WehnAuthors Info & Claims

IoTDI '21: Proceedings of the International Conference on Internet-of-Things Design and Implementation

Pages 158 - 168

https://doi.org/10.1145/3450268.3453528

Published: 18 May 2021 Publication History

Get Access

Abstract

Recent achievements in designing quantum computers place a serious threat on the security of state-of-the-art public key cryptography and on all communication that relies on it. Meanwhile, security is seen as one of the most critical issues of low-power IoT devices even with pre-quantum public key cryptography since IoT devices have strict energy constraints and limited computational power. Thus, state-of-the-art dedicated hardware accelerators have been deployed to facilitate secure and confidential communication with well established protocols on such devices.

It is common belief that the complexity of the cryptographic computations are also the bottleneck of the new, quantum-resistant algorithms and that hardware accelerators are necessary to use them efficiently on energy constrained embedded devices. In this paper, we carried out an in-depth investigation of the application of potential Post-Quantum Cryptography algorithms, which were proposed in the associated US NIST process, to a representative TLS-based low-power IoT infrastructure.

First, we show that the main contributor to the TLS handshake latency are the higher bandwidth requirements of post-quantum Key-Encapsulation Mechanisms rather than the cryptographic computations itself. Second, from the perspective of crypto-agility we show that edge devices with code-based, isogeny-based as well as lattice-based algorithms have low energy consumption, which enables long battery run times in typical IoT scenarios without dedicated hardware accelerators. Third, we increase the level of security further by combining pre-quantum and post-quantum algorithms to a hybrid key exchange, and quantify the overhead in energy consumption and latency of it.

References

[1]

Carlos Aguilar-Melchor, Olivier Blazy, Jean-Christophe Deneuville, Philippe Gaborit, and Gilles Zémor. 2018. Efficient Encryption from Random Quasi-Cyclic Codes. IEEE Transactions on Information Theory 64, 5 (2018), 3927--3943.

Abstract

References

Cited By

Index Terms

Recommendations

Post-Quantum TLS Without Handshake Signatures

Practical and post-quantum authenticated key exchange from one-way secure key encapsulation mechanism

CPA-Secure KEMs are also Sufficient for Post-quantum TLS 1.3

Comments

Information

Published In

Sponsors

Publisher

Publication History

Permissions

Check for updates

Author Tags

Qualifiers

Funding Sources

Conference

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

Login options

Full Access

View options

PDF

eReader

Figures

Other

Share

Share this Publication link

Share on social media

Affiliations